[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] private address routing
Derek, if I understand you correctly, you have your network set up like this: Internet | FW - DMZ (192.x.x.x) | Internal (172.x.x.x) There is no reason to use NAT between the internal network and the DMZ. All you need is the proper routes (in NT), and a FW-1 security policy that allows this traffic. Or did I miss something?? Cheers, Anders :) > -----Original Message----- > From: Belanger, Derek [mailto:[email protected]] > Sent: 8. september 2000 15:12 > To: FW1 (E-mail) > Subject: [FW1] private address routing > > > > This is my second attempt for a solution from this board, so > if you can help > at all, please give me a hand. > > I have FW14.0 on NT4.0 with three interfaces I want to route > between. The > interfaces I want to route are: my external interface (valid Internet > address), my MZ (172.x.x.x) and my DMZ (192.x.x.x). > > I, of course, have to NAT anything going out the external > interface, HOWEVER > presently I also have to NAT between my MZ and DMZ to route > between these > interfaces. > > I really don't want to NAT the MZ to DMZ...and I don't know > why I should > have to (after all each network is local to the FW). Can > someone explain how > to route this scenario without NAT. If it cant be done please > let me know > why. > > Thanks everyone, > Derek Belanger > > > ============================================================== > ================== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================== > ================== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|